Security Engineer (Hardening, Active Directory & Endpoint Security)

We are seeking an experienced Security Engineer with strong expertise in system hardening, Active Directory security, Group Policy management, and endpoint security. The ideal candidate will be responsible for reviewing, implementing and maintaining security baselines, ensuring compliance with CIS Benchmarks, managing AD security policies, and strengthening endpoint protection across the enterprise environment.

Key Responsibilities

• Implement and maintain server and workstation hardening standards based on CIS Benchmarks and industry best practices.
• Perform security assessments, gap analysis, and remediation activities for Windows and Linux environments.
• Design, configure, and manage Active Directory Group Policies (GPOs) to enforce security controls and compliance requirements.
• Develop and maintain security baselines for servers, databases, and virtual environments.
• Configure and manage endpoint security solutions, including antivirus, EDR/XDR, application control, device control, and encryption technologies.
• Monitor endpoint security posture and remediate vulnerabilities identified through security scans and audits.
• Collaborate with infrastructure and application teams to implement security controls without impacting business operations.
• Conduct security reviews of AD configurations, privileged accounts, service accounts, and authentication mechanisms.
• Support vulnerability management activities, including risk assessment, remediation tracking, and compliance reporting.
• Create and maintain security documentation, hardening standards, and operational procedures.
• Participate in incident response activities related to endpoint and infrastructure security.

Required Skills

• Strong experience in Windows Server and Active Directory Administration.
• Hands-on experience implementing CIS Benchmarks for Windows, Linux, and endpoint systems.
• Expertise in Group Policy Objects (GPOs), security templates, and AD security best practices.
• Experience with endpoint security platforms such as Microsoft Defender for Endpoint, CrowdStrike, Sentinel One, Trellix, or Symantec Endpoint Security.
• Strong understanding of security controls including:
  • Privileged Access Management (PAM)
  • Multi-Factor Authentication (MFA)
  • Endpoint Encryption
  • Application Whitelisting
  • Device Control
• Experience with one of the vulnerability management tools such as Tenable, Qualys, or Rapid7.
• Knowledge of security frameworks and standards including CIS, NIST, and ISO 27001.
• Scripting experience using PowerShell for automation and security policy deployment.

Preferred Qualifications

• Bachelor''s degree in computer science, Information Security, or related field.
• Security certifications such as:
  • CISSP
  • Security+
  • Microsoft Security Certifications
  • GIAC Certifications
  • CIS Benchmark-related certifications
• Experience in enterprise-scale security operations and compliance environments.

Key Competencies

• Security Hardening & Compliance
• Active Directory Security
• Group Policy Administration
• Server and Database Security
• Vulnerability Management
• Incident Response Support
• Security Automation
• Risk Assessment & Remediation